Students Preparing for Northeast Collegiate Cyber Defense Competition

Twelve students enrolled in Alfred State College’s Computer and Information Technology bachelor degree programs are preparing to compete at the 2011 Northeast Collegiate Cyber Defense Competition at Northeastern University, Boston, MA. Eight of the 12 will compete at the event March 4 -6. The Alfred State College Cyber Defense team consists of the following members: Michael Romano, Middletown, team captain; Franklin Herrneckar, Andover, team liaison; Benjamin Andrews, Harpursville; Timothy Gonzalez, Norwich; Shane Canaski, Arcade; Joshua Fechter, Corfu; Roosevelt Marthel, Brooklyn; Matthew Merriam, Friendship; Adam Schraner, Ronkonkoma; Michael Starr, Tonawanda; Adam Worth, Pembroke; and Amelio Wright, Arcade.

Including Alfred State College, 11 colleges will be competing at this year’s event. The competitors include some the best universities in the Northeast, including Northeastern University, University of Maine, Champlain College, Harvard University, University of New Hampshire, Stevens Institute of Technology, UMass Boston, RIT, Pace University (NY), and Polytechnic Institute of NYU.

The three-day event will commence on Friday, March 4, where the competition occurs from 1:30-7 p.m.; the following day, competition begins at 9 a.m. until 7 p.m.; and on Sunday, competition lasts from 9 a.m.-12 noon. An awards ceremony will follow at 3 p.m.

The competition requires each of the student teams, known as BLUE teams, to secure the various unsecured enterprises assigned to them. Each enterprise is identical for all teams and consists of a number of computers and network appliances. A RED team of computer security experts from academia and industry begin attacking the BLUE teams by exploiting network vulnerabilities immediately when the teams enter their network room. The RED team reports all vulnerabilities to the WHITE team. The WHITE team consists of the competition judges and scorers. A BLACK team is responsible setting up the computer networks before the competition begins.

During the competition, the WHITE team 'injects' requirements into the workflow of the BLUE teams. All BLUE teams receive the same 'injects' at the same time. 'Injects' can be of any type, from requiring a report to management, to removing one or more team members, to changing the requirements of the enterprise. To win the competition, a BLUE team must be able to balance service-level responsibilities with external attacks and internal demand.

The Collegiate Cyber Defense Competition (CCDC) provides institutions that offer an information assurance or computer security curriculum a controlled, competitive environment to assess their students’ depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.

The competition tests each student team’s ability to secure networked computer systems while maintaining standard business functionality. The scenario involves team members simulating a group of new employees that have been brought in to manage and protect the IT infrastructure at a small to medium sized IT services company/reseller. The teams are expected to manage the computer network, keep it operational, and control/prevent any unauthorized access. Each team will be expected to maintain and provide public services: a Web site, an e-mail server, a database server, an application server, and workstations used by simulated sales, marketing, and research staff.

The NECCDC is primarily an undergraduate student competition. Teams are comprised of six-eight people; at most, two of these may be graduate students.

Winner of this competition will move on to the 2011 National Collegiate Cyber Defense Competition in San Antonio, TX.